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Abstract 

Expert systems are widely used in health monitoring 
and fault detection applications. One of the key 
features of an expert system is that it possesses a 
large body of knowledge about the application for 
which it was designed. When the user consults this 
knowledge base, it is essential that the expert 
system’s reasoning process and its conclusions be as 
concise as possible. If, in addition, an expert system 
is part of a process monitoring system, the expert 
system’s conclusions must be combined with current 
events of the process. Under these circumstances, it 
is difficult for a user to absorb and respond to all the 
available information. For example, a user can 
become distracted and confused if two or more 
unrelated devices in different parts of the system 
require attention. A human interface designed to 
integrate expert system diagnoses with process data 
and to focus the user’s attention to the important 
matters provides a solution to the "information 
overload" problem. 

This paper will discuss a user interface to the power 
distribution expert system for Space Station Freedom. 
The importance of features which simplify assessing 
system status and which minimize navigating through 
layers of information will be discussed. Design 
rationale and implementation choices will also be 
presented. 


James L. Dolce and Pamela A. Mellor 
National Aeronautics and Space Administration 
Lewis Research Center 
Cleveland, Ohio 44135 


1.0 INTRODUCTION 

The Space Station Freedom Power System is the 
most sophisticated power system aboard any 
spacecraft to date. Its behavior is monitored by on 
board systems as well as by specialists on the ground. 
When the behavior is abnormal, diagnosing the cause 
can be tedious. Automating this task is necessary to 
ensure safe and efficient operation. Expert systems 
are excellent tools to provide this automation; 
however, an expert system alone cannot solve all the 
problems of monitoring and diagnostics. Human 
expertise is always required. The expert system 
needs to present information to the user without 
obfuscating the rest of the monitoring information. A 
well-designed user interface is the key to clearly both 
presenting system’s status and expert system findings. 
The design of the user interface to the Space Station 
Freedom Power System expert system, Trouble, and 
the rationale for the design specifics will be discussed 
below. 

2.0 POWER SYSTEM OF THE SPACE 
STATION FREEDOM 

The Space Station Freedom requires electric power 
for its day-to-day operation while orbiting the earth. 
The power for the Station is obtained through 
converting solar energy into electricity, however, 
solar flux is not available throughout the station’s 
orbit. To supply the station with power during the 
eclipse phase, excess power must be stored during the 
"sunny" portion of the orbit (insolation). Freedom’s 
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power system consists of three subsystems: 
generation, storage, and distribution. The generation 
subsystem collects solar power during the insolation 
phase of an orbit using solar photovoltaic arrays to 
convert solar power into electric power. This 
generated electric power supplies energy to the 
consumer and is also stored in the storage subsystem 
for use during eclipse. The storage subsystem 
consists of rechargeable nickel-hydrogen batteries. 
The distribution subsystem carries power to many 
different types of power consumers ranging from a 
scientific experiment to an electric shaver used by an 
astronaut. 

3.0 POWER DISTRIBUTION SUBSYSTEM 

The power distribution subsystem is designed to 
supply power to the consumer. The power 
distribution subsystem components include Remote 
Bus Isolators (RBI), Remote Power Controllers 
(RPC), and various buses and cables connecting RBIs 
and RPCs. These components and their 
interconnections form the power distribution network. 
The distribution network and its hardware is 
protected by circuit breakers — the RBI’s and the 
RPC’s -- which cut off power to overloads. If 
current flowing through a circuit breaker exceeds its 
maximum allowable value, the circuit breaker trips 
interrupting the flow of power down the line. 

The inherent complexity of this system can lead to 
problems. Operating with insufficient margin between 
the line current and the breaker settings may cause 
inadvertent power loss or the protection hardware 
itself may fail. A human alone cannot be expected to 
deal with a system this complex. An expert system 
assistant can provide explanations of encountered 
faults and operating advice. Such an expert system, 
combined with a well-designed user interface. 


simplifies the user’s task of understanding the status 
of the power distribution subsystem. The user is able 
to see "at a glance" what the current status is and 
quickly pinpoint the problem area, leading to faster 
and more accurate problem resolution. 

4.0 THE POWER DISTRIBUTION EXPER 

SISIEM 

The power distribution expert system. Trouble, was 
developed at NASA Lewis Research Center in 
Cleveland, OH to monitor and diagnose faults in the 
power distribution subsystem described above. 
Trouble is an object-oriented, rule-based, set-covering 
expert system written in ART (Automated Reasoning 
Tool), an expert system shell by Inference 
corporation and LISP running on a Texas Instrument 
Explorer II workstation. Trouble is also a multi- 
process system that consists of the following 
independent processes: data acquisition, symptom 
detection, diagnosis, and graphical user interface. 
Data acquisition is responsible for obtaining the latest 
values from the power distribution subsystem and 
updating the corresponding objects in Trouble. 
Symptom detection is a set of rules that determine 
whether or not an anomaly is present in the system. 
Diagnosis is responsible for taking the generated 
symptoms and searching the failure database to 
explain an anomaly’s cause. The graphical user 
interface co mmuni cates with the user. 1 

5-0 USER INTERFACE 

5.1 Implementation details 

The user interface is built using the Transportable 
Application Environment (TAE+) software package 
developed by NASA Goddard Space Flight Center 
(GSFQ. The user interface runs on a SUN 
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SparcStation 2 employing Motif under Unix with the 
Ada language used for programming. The expert 
system resides on a completely different computer, so 
a method for sending information between different 
machines was needed. A socket-to-socket 
communication protocol and Remote Procedure Call 
(RPC) protocol were the top contenders. Both 
protocols were implemented, but RPC was the final 
choice due to its reliability and conservative use of 
CPU cycles. TAE + was selected for its quick 
prototyping and Ada programming language 
capabilities. 

The user interface screens are designed with TAE + ’s 
drawing package. Once the screens are drafted they 
are exercised using TAE+’s rehearsal mode. This 
mode animates the dynamic portions of the screens so 
that each screen’s effectiveness can be judged and 
refined early in the development process. After the 
screens are completed to our satisfaction, TAE + 
generates source code that reflects the designed 
screens. (TAE 4- offers a choice of several 
languages.) The source code generated only animates 
the icons. The next step is to add code to acquire 
and to display data as well as to respond to the user’s 
inputs. 

The TAE + environment is well-equipped to handle 
user input; however, data coming from the expert 
system had to be handled separately. The RPC 
protocol is used to receive data from the expert 
system. The expert system determines what remote 
procedure to call based on the data that needs to be 
transmitted. The data is sent as an input parameter to 
a remote procedure. Remote procedures on the user 
interface side evaluate the data sent and determine 
what action to take based on the type of data 
received, e.g. update alpha-numeric values or change 
colors. 


5.2 Screen layout 

The user interface for the power distribution expert 
system is designed from the schematic diagram of the 
power distribution subsystem. The diagram begins at 
the top with the Roll Rings, a rotary joint connecting 
the power distribution subsystem with the power 
generation and storage subsystems. The devices 
depicted on the schematic include circuit breakers 
(RBIs and RPCs), buses, loads, and lines connecting 
the devices. 

The power schematic has been oriented such that 
power is shown to flow downhill, e.g. from the top 
of the screen with the roll rings to the loads at the 
bottom. These power components form a power 
distribution tree. The top-down perspective conveys 
to users the connectivity as well as the direction of 
power flow. As a result, terms such as up-stream and 
down-stream are easier to understand. For example, 
if an up-stream circuit breaker is open, (i.e. the 
i mm ediate parent) then all breakers below the parent 
(descendants) will not be energized. This notion of 
top-down power hierarchy was chosen because it 
capitalizes on everyone’s intuitive understanding of 
gravity. 

Another portion of the screen is reserved for control 
buttons. These buttons control the amount of 
information displayed upon the screen. Some 
information may not be required at all times, 
especially in the normal operating mode. The buttons 
provide the means for hiding or showing information. 
The button names serve as legends for the button’s 
control function. Reducing clutter on the screen 
creates a more comfortable monitoring environment. 
The buttons are color coded to match the colors of 
the screen information that they control. For 
example, the gold button controls the display of the 


3 



names of the devices, therefore, the devices’ names 
are displayed in gold. This feature makes the 
association between the button and its data readily 
apparent. 

Another portion of the screen is dedicated to text 
messages. It is called the annunciator and its purpose 
is to explain abnormalities if they occur. The 
annunciator is always present and cannot be hidden. 
The messages that appear on the annunciator are one 
line descriptions for each anomaly detected by the 
expert system. When an operator selects a particular 
line in the annunciator, that line is highlighted to 
emphasize the selection. At the same time, a purple 
arrow appears next to the device on the schematic 
diagram that has detected the anomaly. Selection of 
an anomaly line also opens up a text area that 
contains a more detailed description of the problem. 
This detailed description appears in its own portion of 
the screen above the annunciator. This text is visible 
only when the annunciator line is selected, and it 
does not obscure the schematic 2 . The highlighted line 
on the annunciator, the purple arrow on the schematic 
diagram, and the detailed explanation of the 
abnormality link the message, the device, and the 
explanation together. These visual cues make it easy 
for the user to see the relationship among the 
messages and the icons. When a message appears on 
the annunciator, an acknowledge button is also 
activated. This makes the user aware that there is a 
new message present, a fact that might be obscured 
in an all text area of the screen. 

5.3 Graphical description of components 

The Space Station Freedom Program (SSFP) Flight 
Human-Computer Interface Standard describes certain 
standards to be applied to all the SSFP-related user- 
interfaces 3 . The requirements were adopted. The 


icons describing lines or cables were depicted as 
straight lines and the buses as thicker straight lines. 
The shapes and the size of circuit breakers and load 
icons were also specified. The sizes specified for the 
circuit breaker and load icons, however, were too 
large for the complexity of our distribution 
schematic. We preserved the design of the icons and 
reduced the sizes from the standards. To assist the 
user in the navigation of the interface, the graphical 
elements were divided into two groups, "clickable" 
and "non-clickable". Clickable elements change the 
user interface when the element is selected by 
clicking on it with a mouse button. The clickable 
components are the buttons, the obvious choice for 
clicking, and the lists of text — not so obvious. The 
buttons on the screen are all the same size and shape 
to avoid confusion. The clickable lists of text, the 
annunciator, and the detailed display window have 
messages emphasizing the clickability of these items. 
The rest of the graphical elements on the screen are 
not clickable. 

5.4 Volume of information and color and size 
relation. 

The less cluttered the user interface screens, the more 
effective the screen design. One way to reduce clutter 
is to convey some information by colors and sizes as 
opposed to messages and numbers. The power 
distribution system delivers power to the required 
loads through a hierarchy of the cables (lines), circuit 
breakers, and busses. Colors are used to convey the 
notion of power flow and electrical potential. A dim 
green color shows the components that are not 
energized while a bright green color shows those that 
are energized. The user can clearly see the path that 
the power takes to get to the scheduled load. Tripping 
a circuit breaker causes all the devices down-stream 
to lose power causing those components to change 


4 


from bright to dim green. An energized component 
has voltage but not necessarily current. When a load 
is connected and operating, current flows through the 
distribution network. Current is depicted using a bar 
graph that resembles a thermometer. The graph fills 
up, from bottom to top, as the current increases. 
The top of the graph represents the breaker's setpoint 
for tripping on over-current. Thus the graph shows 
the operating margin which can be determined with 
a quick glance. 

5.5 Size of alphanumeric characters 

Numeric values are provided for currents, breaker 
trip values, and voltages. The characters are small 
compared with the power component icons because 
they are of secondary importance to the operator. 
The current meters and the highlighted path of 
energized components dominate the display and 
provide the essential monitoring information under 
normal operating conditions. The screen can be 
viewed from a distance or quickly scanned at a 
glance without the need to know the actual numbers 
representing the system’s status. When an anomaly 
occurs, the user naturally concentrates on the display , 
taking a closer look at the numerical values. Thus 
numeric information does not clutter the screen but is 
available when greater detail is needed. 

5.6 Salience using color and size 

The "status-at-a-glance" user interface design strives 
to control the focus of the user’s attention. Color 
salience is one way to make an object distinguishable 
from the rest. Color is used to emphasize the 
energized components: the bright florescent green 
components clearly stand out from the dim green 
ones. Similarly, the annunciator window is bright 
grey which is clearly distinguishable from the dark 


background color. Another way of drawing the user’s 
attention to a graphical object is with the size. Size 
salience is used to focus attention on components 
exhibiting anomalous behavior. An anomaly detected 
in a circuit breaker, for example, is depicted by 
drawing a larger box around the faulty device. 

6.0 CONCLUSION 

The amalgamation of these design features, namely: 
message linking arrows, reduced information content 
screens, high salience anomaly icons, and color 
choices with failure detection and diagnostic 
explanation from an expert system provides an 
effective status-at-a-glance monitoring system for 
power distribution. This user interface design 
presents diagnostic reasoning without compromising 
the monitoring of current events. The display can 
convey complex concepts in terms that are clear to its 
users. 
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